Task #7632
closedSetup rados / s3 storage on ceph
Added by Nico Schottelius about 4 years ago. Updated about 4 years ago.
0%
Description
- Including permissions
- Document the setup
- Document how to use it
Updated by ll nu about 4 years ago
using this manual the radosgw is configured at rgw.llnu.at
We don't have ceph-deploy/redhat init scripts so some parts of the setup might be missing
It starts up, talks to the monitor (checked via tcpdup) however it doesnt start to listen at port :80 via civetweb as it was specified in the ceph.conf file:
[client.rgw.rgw]
host = rgw
#rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
rgw frontends = "civetweb port=80"
log file = /var/log/ceph/ceph-rgw-gateway.log
rgw dns name = rgw.llnu.at
keyring = /var/lib/ceph/radosgw/ceph-rgw.rgw/keyring
Updated by ll nu about 4 years ago
Radosgw is running. The correct way to start is1:
/usr/bin/radosgw --cluster ceph --name client.rgw.`hostname -s` -setuser ceph --setgroup cephatm I'm tweaking the settings to setup ssl, and ipv6 support
1: (it wasnt writted anywhere but one must supply the --name argument, without it doesnt work, and it wont complain either -.-)
Updated by ll nu about 4 years ago
updated conf with ssl
[client.rgw.rgw]
host = rgw
#rgw socket path = /var/run/ceph/ceph.radosgw.gateway.fastcgi.sock
rgw socket path = /tmp/radosgw.sock
rgw frontends = beast ssl_port=443 ssl_certificate=/etc/letsencrypt/live/rgw.llnu.at/cert.pem ssl_private_key=/etc/letsencrypt/live/rgw.llnu.at/privkey.pem
log file = /var/log/ceph/ceph-rgw-gateway.log
rgw dns name = rgw.llnu.at
keyring = /var/lib/ceph/radosgw/ceph-rgw.rgw/keyring
Updated by Nico Schottelius about 4 years ago
Note for production checking: what happens/is required to do if the
certificate is replaced with a new one?
redmine@ungleich.ch writes:
Updated by ll nu about 4 years ago
thats a good question, first ill test the existing setup wildcard cert setup: certbot certonly --manual --preferred-challenges=dns --email llnu@protonmail.ch --server https://acme-v02.api.letsencrypt.org/direct ory --agree-tos -d *.rgw.llnu.a challange: Please deploy a DNS TXT record under the name _acme-challenge.rgw.llnu.at with the following value: added to bind: _acme-challenge.rgw TXT "kEuj7KknBtnGzUAVykfqfvlH6d0qwflF5FDY3SwNg7M" added wildcard dns entries so all domains under .rgw.llnu.at will resolve to 1 ip *.rgw AAAA 2a0a:e5c0:10:bee:0:ff:fe00:205 testing begins here: add user: radosgw-admin user create --uid="testuser" --display-name="First User" list keys/infos about a user radosgw-admin user info --uid=testuser git to useful ceph test programs: https://github.com/ronaldddilley/ceph-s3-examples depreceated: with python.boto, as described on https://docs.ceph.com/docs/nautilus/install/install-ceph-gateway/ to create a user: radosgw-admin user create --uid="testuser" --display-name="First User" # note here the access/secret key
Updated by ll nu about 4 years ago
- Status changed from Seen to Closed